Everyone I’ve told has replied “I wasn’t aware of that”, which suggests we need an awareness week for the awareness week. It’s an annual event in which governments and companies work together to, well, “raise awareness” of cybersecurity. Tips will be offered, threats will be warned about and products will be advertised. China will be mentioned a lot.

In the US, they have cybersecurity awareness month. Everything sure is bigger over there.

And, yes, we should take cybersecurity awareness seriously. Because most of the things you are told about cybersecurity are lies. As Crikey has demonstrated many times, the actual threat of cybercrime is grossly exaggerated by governments, the corporate media and cybersecurity companies. They exaggerate it with the goal of lifting sales of security products and justifying increases in state control of the internet.

The Australian Financial Review for some months has run a series of beat-ups on the issue, which all follow the same format: claiming routine common-or-garden efforts to access servers as “attacks”, portraying minor breaches as major hacking successes (one article claimed that an effort to access a publicly available stats database at the ABS website was a successful breach by hackers), invoking the threat of Chinese hackers, and quoting cybersecurity consultants and executives who are only too happy to agree that government agencies should spend more on security.

And, it seems, next week’s Four Corners will be running the same line, with its PR plug for Monday’s edition, titled Hacked! (behold the exclamation mark), claiming “a deafening silence surrounds this issue”. The sort of deafening silence in which governments and the media never shut up about it, presumably.

Anyone pointing out the self-interested nature of commentary from the cybersecurity industry, or the obvious flaws in the corporate media narrative of major security breaches, invariably elicits the reaction that they are pretending there is no cybercrime problem at all. In Crikey’s case, this is exactly the opposite of the truth. Crikey is the only media outlet or company in Australia that has undertaken substantive, independent research into the prevalence of cybercrime and established the scale of the problem, with a costing based on verifiable data.

But, in cybersecurity awareness week, this is not yet another article explaining how cybercrime has been exaggerated. This is an attempt to identify the real threat. While corporate media and governments like our own and that of the US repeatedly (and correctly) blame China for much cyberespionage and online crime, in fact the biggest source of cybercrime on the planet is the US government, aided and abetted by governments like our own.

Yes, we’re not the hapless victims of China in any “cyberwar”, we’re every bit as much the aggressors as any other participant.

The US government is the biggest purchaser and producer of “cyberweapons” on the planet. A recent Reuters report by Joseph Menn contained comprehensive detail about how government agencies like the National Security Agency and the Pentagon are pouring money into “zero-day exploits”, vulnerabilities in commonly used systems and software.

US government agencies aren’t devoting significant resources to purchasing these exploits so that they won’t fall into the hands of criminals — they are purchasing them to use.

Hackers, operating at the behest of, or employed by, the Chinese government, the Chinese security establishment and Chinese companies, are indeed a significant threat to Western companies and governments. But the focus on China obscures the extent to which the US remains the most potent, aggressive state cyberpower.

And there’s a lesson from China that the media might do well to learn. The reason China has such a flourishing culture of cybercrime and hacking is because its government devotes enormous resources to controlling the internet and monitoring citizens’ use of it. Chinese hacking is a direct outgrowth of the fact that it is a surveillance state.

And a surveillance state is exactly what governments and corporations, crying “cybersecurity”, want us to become.